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- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
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7) D Claim(s) is/are objected to. 
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Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
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DETAILED ACTION 

1 . This action is in response to the application filed on 1/17/2002. 

2. Claims 1-31 are under examination. 



Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art 
are such that the subject matter as a whole would have been obvious at the time the invention was made to 
a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 

3. Claims 1-5, 7-13, 15-25, 27-29 and 30 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Krishna, Suresh (WO 01/05086) and in view of Hausman et al 
(US Patent No. 6,112,252). 

As per claim 1 , Krishna discloses: 
a network to transmit an encrypted packet; and a computer to receive said encrypted 
packet from said network, and to perform a decryption operation thereupon to convert 
said encrypted packet to a decrypted packet [page 3 line 8 "as connecting a single 
computer to a WAN, to large corporate network", line 6 "to efficiently process 
encryption/decryption of data packets"], said computer including: 
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a network interface to provide electronic communication between said computer and 
said network [Fig. 1A component 112 Network Interface], a network driver to regulate 
said decryption operation [page 3 lines 7-9 "Cryptography acceleration chip in 
accordance as diverse as connecting a single computer to a WAN"] , a controller 
to perform said decryption operation [page lines 5-6 "a plurality of cryptography 
engines and includes a classification engine configured to efficiently process 
encryption/decryption of data packets"], a host memory to store data that is used or 
generated by said decryption operation [Fig. 1B component 166 Main Memory page 7 
line 36, page 8 lines 1-2 "the processed packets are then sent back over the 
matrix 154, through the memory 166"], and a bus providing electronic communication 
among said network interface, said network driver, said host memory and said controller 
[Fig. 1A component 104 system bus]. 

Krishna doesn't teach that asserting an interrupt prior to a complete 
transfer ("Secondary Use complete" interrupt i.e. second early interrupt). 

However, Hausman teaches that asserting an interrupt prior to a complete 
transfer [coL 1 lines 47- 49 "generates interrupts before complete packets have 
been received from the network (early receive interrupts)"]. 

Therefore, it would have been obvious to a person of ordinary skill in the 
art at the time the invention was made to incorporate the teaching of Hausman into the 
teaching of Krishna to generate interrupts before complete packet have been received 
from the network (early receive interrupts). The modification would be obvious because 
one of ordinary skill in the art would be motivated to generate early receive interrupts, 
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so that it reduces overall latency in a CSMA/CD network and provides high throughput 
for hosts of network [Hausman, col. 1 lines 51-52, 16-17]. 

As per claim 2 . the rejection of claim 1 is incorporated and further Krishna 

discloses: 

security association (SA) is stored in said host memory [page 11 lines 8-10 "the chip 
also includes various buffers 210 for storing packet data, security association 
information" Fig. 3]. 

As per claim 3 , the rejection of claim 2 is incorporated and further Krishna 

discloses: 

network driver parses said encrypted packet, matches said encrypted packet with one 
of said at least one SA [page 11 lines 18-20 "packet header information is sent to a 
packet classifier unit 204 where a classification engine rapidly determines 
security association information required for processing the packet"] and instructs 
said network interface to transfer said encrypted packet and said one SA across said 
bus to said controller [page 11 lines 31-33 "the packet distributor unit 306 then 
distributes the security association information(SA) received from the packet 
classifier unit 304 and the packet data via the internal bus 305 among a plurality 
of cryptography processing engines 316" Fig. 6A]. 
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As per claim 4 , the rejection of claim 1 is incorporated and further Krishna 

discloses: 

network interface includes a cryptography accelerator [page 6 lines 16-17 "as shown 
in Fig. 1, the cryptography acceleration chip 102 may be part of an otherwise 
standard network line card 103 which includes a WAN interface 112"]. 

As per claim 5 , the rejection of claim 1 is incorporated and further Krishna 

discloses: 

controller transfers said decrypted packet across said bus from said controller to said 
host memory {page 7 line 36, page 8 line 1 "the processed packet are then sent 
back over the matrix 154, through the memory 166"]. 

As per claim 7 , the rejection of claim 1 is incorporated and further Krishna 

discloses: 

network driver specifies an average latency value to said controller for use in said 
decryption operation {page 12 lines 31-33 "the classification engine provides 
support for general IPSec policy rule sets, including wild cards, overlapping 
rules, conflicting rules and conducts deterministic searches in a fixed number of 
clock cycles"]. 

As per claim 8 , it encompasses limitations that are similar to limitations of 
claim 1. Thus, it is rejected with the same rationale applied against claim 1 above. 
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As per claim 9 , the rejection of claim 8 is incorporated and further Krishna 

teaches: 

network interface to provide electronic communication between said computer and a 
network [page 6 lines 16-18 "as shown in Fig. 1, the cryptography acceleration 
chip 102 may be part of an otherwise standard network line card 103 which 
includes a WAN interface 112 that connects the processing system 100 to a WAN, 
such as the internet"]. 

As per claim 10 , the rejection of claim 9 is incorporated and is rejected for 
the same reason set forth in the rejection of claim 2 above. 

As per claim 1 1 , the rejection of claim 10 is incorporated and is rejected 
for the same reason set forth in the rejection of claim 3 above. 

As per claim 12 , the rejection of claim 8 is incorporated and is rejected for 
the same reason set forth in the rejection of claim 4 above. 

As per claim 13 , the rejection of claim 8 is incorporated and is rejected for 
the same reason set forth in the rejection of claim 5 above. 



As per claim 15 , the rejection of claim 8 is incorporated and is rejected for 
the same reason set forth in the rejection of claim 7 above. 
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As per claim 16 . it is a method claim corresponds to system claim 1 and is 
rejected for the same reason set forth in the rejection of claim 1 above. 

As per claim 17 , the rejection of claim 16 is incorporated and further 
Krishna teaches: 

issuing a decryption command to a controller [page 12 lines 5-6 "the packet 
distributor unit 306 includes a processor which control the sequencing and 
processing of the packets according to microcode stored on the chip" Fig. 3]; and 

Krishna doesn't not explicitly teach that determine a time for the interrupt 
in response to the decryption command. 

However, Hausman teaches that an interrupt timer determines a need for 
adjustment to the Early Transmit interrupt [col. 8 lines 47-51 "the interrupt timer 
incorporated into ethernet control circuitry 150 may instead be used to determine 
whether the Early Receive threshold should be adjusted (and may be used to 
determine a need for similar adjustments to the Early Transmit interrupt)"]. Thus 
interrupt timer in Hausman is evidently determined the time for the interrupt. 

Therefore, it would have been obvious to a person of ordinary skill in the 
art at the time the invention was made to incorporate the teaching of Hausman into the 
teaching of Krishna to use interrupt timer to determine the time for the interrupt. The 
modification would be obvious because one of ordinary skill in the art would be 
motivated to determine the Early Receive threshold properly accounts for the CPU's 
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interrupt latency and if the two compared values differ by a significant amount, the Early 
Receive threshold is adjusted accordingly [Hausman, col. 8 lines 41-45\. 

As per claim 18 , the rejection of claim 16 is incorporated and further claim 
18 is a method claim corresponds to system claim 3 and is rejected for the same reason 
set forth in the rejection of claim 3 above. 

As per claim 19 . the rejection of claim 16 is incorporated and further 
Krishna teaches: 

step of converting said encrypted packet to said decrypted packet further includes 
authenticating said decrypted packet [Fig. 6A page 9 lines 9-10 "then pass the 
packet along to one of the four cryptography and authentication engines 214"]. 

As per claim 20 . the rejection of claim 16 is incorporated and further claim 
20 is a method claim corresponds to system claim 6 and is rejected for the same reason 
set forth in the rejection of claim 6 above. 

As per claim 21 . the rejection of claim 16 is incorporated and further 
Krishna teaches: 

decrypted packet to a protocol stack after asserting said interrupt [Fig. 3 component 
318 output FIFO (MAC) page 12 lines 16-17 "the packet distributor 306 control the 
output FIFO 318 to ensure that packet ordering (i.e. Per-flow ording) is 
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maintained", page 9 lines 31-35 "Per-flow ordering offers a good trade-off 
between maximizing end-to-end system performance (specifically desktop PC 
TCP/IP stack)"]. 

As per claim 22 , it is a device claim corresponds to system claim 1 and is 
rejected for the same reason set forth in the rejection of claim 1 above. Further Krishna 
teaches: 

a machine-readable storage medium; and machine-readable program code, stored on 
the machine-readable storage medium [page 12 lines 5-6 "a processor which 
controls the sequencing and processing of the packets according to microcode 
stored on the chip"]. 

As per claim 23 , the rejection of claim 22 is incorporated and further claim 

23 is a device claim corresponds to method claim 17 and is rejected for the same 
reason set forth in the rejection of claim 17 above. 

As per claim 24 , the rejection of claim 22 is incorporated and further claim 

24 is a device claim corresponds to system claim 3 and is rejected for the same reason 
set forth in the rejection of claim 3 above. 
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As per claim 25 , the rejection of claim 22 is incorporated and further claim 
25 is a device claim corresponds to method claim 19 and is rejected for the same 
reason set forth in the rejection of claim 19 above. 

As per claim 27 , the rejection of claim 22 is incorporated and further claim 
27 is a device claim corresponds to method claim 21 and is rejected for the same 
reason set forth in the rejection of claim 21 above. 

As per claim 28 , it encompasses limitations that are similar to limitations 
of claim 1. Thus, it is rejected with the same rationale applied against claim 1 above. 

As per claim 29 , the rejection of claim 28 is incorporated and further claim 

29 is corresponds to claim 2 and is rejected for the same reason set forth in the 
rejection of claim 2 above. 

As per claim 30 . the rejection of claim 29 is incorporated and further claim 

30 is corresponds to claim 3 and is rejected for the same reason set forth in the 
rejection of claim 3 above. 
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4. Claims 6, 14, 26 and 31 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Krishna, Suresh (WO 01/05086) in view of Hausman et al (US Patent 
No. 6,1 12,252) and further in view Kagan et al (US Patent No. 6,243,787). 

As per claim 6 , the rejection of claim 1 is incorporated. Krishna and 
Hausman don't clearly teach that controller asserts an additional interrupt after 
completion of said decryption operation. 

However, Kagan teaches that asserting an interrupt after completion of 
operation [col. 2 lines 54-55 "after sending the data, the peripheral device assert 
an interrupt" col. 2 lines 65-67 "the host interface will receive the interrupt packet 
only after it has received all of the preceding data packets"]. 

Therefore, it would have been obvious to a person of ordinary skill in the 
art at the time the invention was made to incorporate the teaching of Kagan into the 
teaching of Krishna and Hausman to assert an interrupt after sending the data. The 
modification would be obvious because one of ordinary skill in the art would be 
motivated to use packet switching fabrics to connect a computer host to peripheral 
device so that reduces latency and processing time required for servicing of interrupts 
by the CPU [Kagan, col. 2 lines 45-48]. 



As per claim 14 , the rejection of claim 8 is incorporated and is rejected for 
the same reason set forth in the rejection of claim 6 above. 
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As per claim 26 . the rejection of claim 22 is incorporated and further claim 
26 is a device claim corresponds to system claim 6 and is rejected for the same reason 
set forth in the rejection of claim 6 above. 

As per claim 31 . the rejection of claim 28 is incorporated and further claim 
31 is corresponds to claim 6 and is rejected for the same reason set forth in the 
rejection of claim 6 above. 
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Conclusion 

5. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Ellington, Jr et al (US Patent No. 6,708,218) discloses that a hardware 
function performed in the data link control layer first determines if a received frame is an 
IP frame requiring IPSec processing, and if it is, places the IPSec frame on a separate 
receive queue for subsequent inbound processing. 

Rege et al (US Patent No. 5,440,690) discloses that a network adapter 
with an interrupt generation circuit to minimize the number of host computer system 
interrupts needed to notify the host computer system that the network adapter has 
consumed one or more host memory buffers. 

Boucher et al (US Patent No. 6,226,680) discloses that a system for 
protocol processing in a computer network has an intelligent network interface card 
(INIC) or communication processing device (CPD) associated with a host computer. 
The INIC provides a fast-path that avoids protocol processing for most large multipacket 
messages, greatly accelerating data communication. 

Johnson (US Patent No. 5,905,874) discloses a computer system for 
communicating with a network including a host processor, memory, an interface bus 
and a network interface device for reducing data transfer latency between the computer 
system and the network. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Nirav Patel whose telephone number is 571-272-5936. 
The examiner can normally be reached on 8 am - 4:30 pm (M-F). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on 571-272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 
Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 
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